Wednesday, September 16, 2009

Linux Botnet Could Be Behind the Antivirus Infections

We've been saying it for some time and it's finally becoming more public. The number of Windows computers that are infected with the "Antivirus" strain of malware/spyware is increasing and it's NOT through any fault of the end users.

It was recently discovered that a cluster of Linux servers was not only serving the legitimate websites hosted on them, but malware and spyware as well. Normal web traffic is carried over port 80; this is the industry standard. These servers were also using a connection over port 8080 to inject the malware and spyware into the computer visiting the website. Because the injection was done through iframes, the visitor had no clue until the computer was already infected and they were seeing the pop-ups for Antivirus 2010, Super Antivirus, etc.
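As an added example (this is not code from the original post), here is a small Python check a site owner could run over the HTML their own server actually returns, to spot iframes whose src points at a non-standard port such as the 8080 described above. It generalizes slightly: any explicit port other than 80 or 443, or a port that will not even parse, is reported. The sample page, hostnames and paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Ports an iframe on a normal web page is expected to use; None means no explicit port.
STANDARD_PORTS = {None, 80, 443}


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a page, tolerating sloppy HTML."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "iframe":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def suspicious_iframes(html):
    """Return a list of {"src", "host", "port"} for iframes loading from a non-standard port.

    Relative URLs and URLs without an explicit port are treated as normal.
    A port that cannot be parsed is reported with port="invalid" rather than skipped.
    """
    parser = IframeCollector()
    parser.feed(html)
    parser.close()

    findings = []
    for src in parser.srcs:
        url = urlparse(src)
        if url.scheme not in ("http", "https", ""):
            continue  # javascript:, data:, etc. are a separate concern
        try:
            port = url.port
        except ValueError:
            port = "invalid"
        if port not in STANDARD_PORTS:
            findings.append({"src": src, "host": url.hostname, "port": port})
    return findings


# Constructed sample page: one ordinary ad iframe, one explicit :443 embed,
# and one 1x1 iframe pulling content from port 8080 on the site's own host.
SAMPLE_PAGE = """<html><body>
<h1>Welcome to our shop</h1>
<iframe src="http://partner.example/ads" width="300" height="250"></iframe>
<iframe src="http://www.example.com:8080/x.php" width="1" height="1"></iframe>
<iframe src="https://maps.example:443/embed"></iframe>
</body></html>"""


def main():
    for hit in suspicious_iframes(SAMPLE_PAGE):
        print(f"suspicious iframe: host={hit['host']} port={hit['port']} src={hit['src']}")


if __name__ == "__main__":
    main()
```

Run it against pages fetched from your own server (for instance with `curl`) rather than trusting the files on disk, since a compromised server can add the iframe at serving time. A hit pointing at port 8080 on your own hostname is exactly the pattern described above.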

In essence, you could visit a completely legitimate website and wind up infected. This was the result of poorly secured Linux servers. So how does it work once you're infected? After infecting a computer, the program literally takes control and, in most cases, blocks the user from being able to make an internet connection through a web browser. You are flooded with fake pop-ups telling you your computer is infected with thousands of viruses, but that's only what it's doing on the surface.

After taking control of your internet connection, the program starts using your computer to send out spam and phishing email, sniff ports on other computers to check for vulnerabilities in their firewalls, gather personal data such as banking and credit card info, etc. It connects to the master server and starts taking directions from there, and often it's used to infect many more computers with the same nasty infection that it has.

This is the result of both poorly secured web servers and ill-informed PC users. Together, we need to focus on stamping out these infections not just on the computers, but on the SERVERS as well. If we can kill this at the server level, then the infection rate will decrease.
